Beware of eCh0raix Ransomware Attacks, QNAP Warns Customers

 

QNAP warned its users of an actively exploited Roon Server zero-day vulnerability and eCh0raix ransomware attacks that are targeting its Network Attached Storage (NAS). The Taiwanese vendor claimed that it has received reports of ongoing eCh0raix ransomware attacks that infected QNAP NAS devices using weak passwords.

" The eCh0raix ransomware has been reported to affect QNAP NAS devices," the company said. Devices using weak passwords may be susceptible to attack. QNAP urged customers to "act immediately" to protect their data from potential eCh0raix attacks by: 

• Using stronger passwords for your administrator accounts. 

• Enabling IP Access Protection to protect accounts from brute force attacks. 

• Avoiding using default port numbers 443 and 8080. 

However, QNAP didn't mention how many reports it received from users directly affected by eCh0raix ransomware in the last weeks. QNAP also issued another security advisory to warn of an actively exploited zero-day vulnerability impacting Roon Labs’ Roon Server 2021-02-01 and earlier versions. 

“The QNAP security team has detected an attack campaign in the wild related to a vulnerability in Roon Server. QNAP NAS running the following versions of Roon Server may be susceptible to attack: Roon Server 2021-02-01 and earlier. We have already notified Roon Labs of the issue and are thoroughly investigating the case. We will release security updates and provide further information as soon as possible,” reads the advisory.

QNAP also provided the necessary safety measures by which users can disable Roon Server on their NAS:

1. Log on to QTS as administrator and open the app Center and then click. A search box appears.

2. Type "Roon Server" and then press ENTER. Roon Server appears in the search results.

3. Click the arrow below the Roon Server icon. 

4.  Select Stop. The application is disabled.

Unfortunately, QNAP has been on the target list of threat actors for quite some time. QNAP devices were previously targeted by eCh0raix ransomware (also known as QNAPCrypt) in June 2019 and June 2020. 

A massive Qlocker ransomware campaign also hit QNAP devices starting mid-April, with the threat actors behind the attacks making $260,000 in just five days by remotely encrypting data using the 7zip archive program.